Answered: [Security threat] tags are not sanitized in extra question field

Post date: 2020-07-01 00:44:51
Views: 304

Hey q2apro, I think you are testing the default q_view_extra($q_view); function.

The default function is still safe. But if you pull the content from the database, it's not safe.

First, look! The script is stored in database.

[screenshot: database]

Second, if you create a function to pull that content from the database:

public function q_item_extra($q_item)
{
    $postidz = $q_item['raw']['postid'];

    // Read the extra-field content straight from the database, bypassing the
    // escaping that the default q_view_extra() output path applies
    $extra = qa_db_read_one_value(qa_db_query_sub(
        'SELECT content FROM ^postmetas WHERE title="qa_q_extra" AND postid=#',
        $postidz
    ), true);

    //$extra = $q_item['extra']['content'];

    // The raw database value is written to the page unescaped, so any stored
    // HTML or script tag is rendered by the browser instead of shown as text
    $this->output('My info:'.$extra);
}

Here's the result:

[screenshot: test]

I hope you'll get my point.
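For comparison, here is the same theme-layer method with the database value escaped before it is output. This is an added example, not the poster's code or Q2A project code; it assumes Q2A's qa_html(), qa_db_read_one_value(), qa_db_query_sub() and the qa_html_theme_base::output() method, and the class wrapper is only there so the snippet is a complete qa-theme.php file.

```php
<?php
// Added example: hardened version of the q_item_extra() override above.
// Drop-in shape for a Q2A advanced theme (qa-theme.php); class name and
// base class follow the Q2A theme convention.
class qa_html_theme extends qa_html_theme_base
{
    public function q_item_extra($q_item)
    {
        // Cast to int so the value placed into the query is never anything
        // but a post id (qa_db_query_sub also quotes the # placeholder)
        $postid = (int)$q_item['raw']['postid'];

        $extra = qa_db_read_one_value(qa_db_query_sub(
            'SELECT content FROM ^postmetas WHERE title="qa_q_extra" AND postid=#',
            $postid
        ), true);

        // qa_html() HTML-encodes <, >, & and " on the way out, so a stored
        // <script> tag is displayed as literal text rather than executed.
        // Escaping at output time is the fix; storing the raw value is fine.
        $this->output('My info: ' . qa_html($extra));
    }
}
```

The difference from the unsafe version is a single call to qa_html() around the database value. Escaping belongs at the point of output, so the same rule applies to any other theme method that prints a value read directly from ^postmetas or another table.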
